CVE-2009-3633

EPSS 0.38%

TYPO3 API function vulnerable to Cross-site Scripting

Published: 5/2/2022Modified: 2/8/2024

Description

Cross-site scripting (XSS) vulnerability in the `t3lib_div::quoteJSvalue` API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

Affected packages (1)

Packagist/typo3/cms-corefrom 0, <= 4.0.13

References (10)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2009-3633
PATCHhttps://github.com/TYPO3-CMS/core
WEBhttp://marc.info/?l=oss-security&m=125632856206736&w=2
WEBhttp://marc.info/?l=oss-security&m=125633199111438&w=2
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/53925
WEBhttps://github.com/TYPO3/typo3/commit/51f3dd9804cae04575323b92a9136e5a511fe810
WEBhttps://github.com/TYPO3/typo3/commit/5d4218fad3aeda46236754004232d7e635205e7a
WEBhttps://github.com/TYPO3/typo3/commit/ef9ab2da76c2506306d835209d2a38195bdf7bcf
WEBhttps://web.archive.org/web/20101223093042/http://www.securityfocus.com/bid/36801
WEBhttp://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016